Article 580HN The usage of "auditd" service.

by n00b_noob from LinuxQuestions.org on (#580HN)

Hello,
I'm using CentOS 8 and I tested my server with Lynis. It showed me the warning below:
Quote:
* Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630]
https://cisofy.com/lynis/controls/ACCT-9630/
I wanted to disable this service but:
Code:
# systemctl disable auditd
Removed /etc/systemd/system/multi-user.target.wants/auditd.service.

# systemctl stop auditd
Failed to stop auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

# systemctl status auditd.service
auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-08-25 16:33:31 +0430; 2 weeks 2 days ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Main PID: 1156 (auditd)
Tasks: 4 (limit: 23575)
Memory: 5.0M
CGroup: /system.slice/auditd.service
1156 /sbin/auditd
1158 /usr/sbin/sedispatch

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Why?

Thank you.